Ninety-one percent of targeted attacks start with spear- phishing email, according to a newly released research by Trend Micro.Spear-phishing emails contain a malicious attachment exploiting a Microsoft Office vulnerability (CVE-2012-0158).These emails are part of the operations of an emerging and active targeted threat called Safe campaign, the operations of which are documented in the research paper by Trend Micro.These spear-phishing emails contain a malicious attachment and encourage a recipient to open a harmful attachment by attracting him with contextually relevant content. From a threat perspective, Trend Micro has identified five key target organisations including government ministries, technology companies, media outlets, academic research institutions and non-governmental agencies.Threats are not new and IT departments have already seen various kinds of advanced persistent threats (APTs) or malware-based espionage attacks that have been around for years. Recent years have seen “noisier” campaigns within the security community, and now are learning to combat the emerging new and smaller campaigns.Trend Micro has not determined the total number of victims in the campaign but apparently, about 12,000 unique IP addresses spread over more than 100 countries were connected to two sets of command-and-control (C&C) infrastructures related to this threat and the average number of actual victims was counted at 71 per day.Defence strategyAs this threat identified by Trend Micro has the potential to affect people all across the world, enterprises should focus on detecting and mitigating attacks and leverage core components of a defence strategy as presented by the report.Businesses can use logs from endpoint, server, and network monitoring to gain a view of the activities within an organisation. This information can be processed for anomalous behaviours and eventually indicate a targeted attack.Integrity checks should be performed as malware will make modifications to the file system and registry in order to maintain persistence. Enterprises should also empower human analysts and also leverage technologies available today to gain visibility, insight, and control over networks to defend against targeted threats.Once an attack is identified, the cleanup strategy should focus on determining the attack vector and cut off communications with the command-and-control (C&C) server.IT department should then also determine the scope of the compromise and assess the damage by analysing the data and forensic artifacts available on compromised machines. Related content news Top cybersecurity product news of the week New product and service announcements from Coro, Descope, Genetec, Varonis, Cloudbrink, Databarracks, and Security Journey By CSO staff Dec 07, 2023 22 mins Generative AI Generative AI Machine Learning news analysis Attackers breach US government agencies through ColdFusion flaw Both incidents targeted outdated and unpatched ColdFusion servers and exploited a known vulnerability. By Lucian Constantin Dec 06, 2023 5 mins Advanced Persistent Threats Cyberattacks Vulnerabilities news BSIMM 14 finds rapid growth in automated security technology Embrace of a "shift everywhere" philosophy is driving a demand for automated, event-driven software security testing. By John P. Mello Jr. Dec 06, 2023 4 mins Application Security Network Security news Almost 50% of organizations plan to reduce cybersecurity headcounts: Survey While organizations are realizing the need for knowledgeable teams to address unknown threats, they are also looking to reduce their security headcount and infrastructure spending. By Gagandeep Kaur Dec 06, 2023 4 mins IT Jobs Security Practices Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe